For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Durga_Dash_2124's avatar
Durga_Dash_2124
Icon for Nimbostratus rankNimbostratus
Jun 02, 2008

Shared Virtual Server HTTP to HTTPS redirect

I want to build a single virtual server that will respond to requests both on port 80 and 443. I want port 80 traffic to be redirected to port 443. Also the servers on the internal pool listen on both...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jun 02, 2008
If you're trying to insert the output from an SSL-based command, you'd want to only attempt it for HTTPS connections. The SSL:: commands wouldn't be valid if the clientside connection was non-HTTPS. So add the header insert line within the 'else' block of the HTTP_REQUEST event: 

 
 when HTTP_REQUEST { 
  
     If redirect_http_to_https is enabled and the request was made to an HTTP port, redirect the client to the same host/URI over HTTPS 
    if { ($::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_https)) && \ 
       ([info exists vip_http_port] && $vip_http_port==1)}{ 
  
       HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] 
       if {$::debug}{log local0. "redirecting client [IP::client_addr] to https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"} 
  
    } else { 
       HTTP::header insert SSLClientCipher [SSL::cipher name],\x20version=[SSL::cipher version],\x20bits=[SSL::cipher bits] 
    ... 
    } 
 }

If you're already checking that the requested port is HTTPS before trying to insert the HTTP header, can you post the full rule you get the error with?

Another way to insert a space would be to wrap the header value in double quotes:

HTTP::header insert SSLClientCipher "[SSL::cipher name], version=[SSL::cipher version], bits=[SSL::cipher bits]"

Aaron